Differences between revisions 1 and 2
Revision 1 as of 2010-12-08 13:49:09
Size: 2438
Editor: PieterSmit
Comment:
Revision 2 as of 2010-12-08 13:55:58
Size: 2477
Editor: PieterSmit
Comment: Add code blocks

Secure Cisco Router

!Beginning with Cisco IOS Software Release 12.4(6)T
control-plane host
  management-interface GigabitEthernet 0/1 allow ssh https
!
  • In order to encrypt a user password with MD5 hashing, issue the username secret global configuration command.

!
username <name> secret <password>
!
 The small services are disabled by default in Cisco IOS Software Releases 12.0 and later. In earlier software, the 
no service tcp-small-servers
no service udp-small-servers

no ip bootp server
no ip finger
no service dhcp
no mop enabled
no ip domain-lookup
no service pad
no ip http server
no ip http secure-server
no service config
!!no cdp enable
no lldp transmit
no lldp receive
no lldp run global
!
line con 0
 exec-timeout <minutes> [seconds]
line vty 0 4
 exec-timeout <minutes> [seconds]
!
!
service tcp-keepalive-in
service tcp-keepalive-out
!

Notifications

!
memory free low-watermark processor <threshold>
memory free low-watermark io <threshold>
!
memory reserve critical <value>
!
!
snmp-server enable traps cpu threshold
!
snmp-server host <host-address> <community-string> cpu
!
process cpu threshold type <type> rising <percentage> interval <seconds>
  [falling <percentage> interval <seconds>]
process cpu statistics limit entry-percentage <number> [size <seconds>]
!
!
memory reserve console 4096
!
show memory debug leaks
!
exception memory ignore overflow io
exception memory ignore overflow processor
!
!
exception crashinfo maximum files <number-of-files>
!

ACL filtering

ip access-list extended ACL-INFRASTRUCTURE-IN
!
!--- Deny IP fragments using protocol-specific ACEs to aid in
!--- classification of attack traffic
!
 deny tcp any any fragments
 deny udp any any fragments
 deny icmp any any fragments
 deny ip any any fragments
!
!--- Deny IP packets containing IP options
!
 deny ip any any option any-options
!
!--- Deny IP packets with TTL values insufficient to traverse the network
!
 deny ip any any ttl lt 6

ip domain-name example.com
!
crypto key generate rsa modulus 2048
!
ip ssh time-out 60
ip ssh authentication-retries 3
ip ssh source-interface GigabitEthernet 0/1
!
line vty 0 4
 transport input ssh
!
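As an added example (not part of this wiki page or of Cisco's own tooling), a small Python audit that parses a saved running-config and reports which of the hardening items listed on this page are missing: the small-servers and HTTP server settings, `username ... secret` instead of `password`, `exec-timeout` on every line, and SSH-only `transport input` on the vty lines. The sample config, the finding texts and the names `SAMPLE_CONFIG`, `parse_blocks` and `audit` are all constructed for this example.

```python
import re
# Constructed sample running-config (not from a real device); several of the
# page's hardening settings are deliberately missing.
SAMPLE_CONFIG = """\
username admin password 7 0822455D0A16
ip http server
no service tcp-small-servers
line con 0
 exec-timeout 5 0
line vty 0 4
 transport input telnet ssh
"""

# Global settings the page says should be present: (finding text, regex).
GLOBAL_CHECKS = [
    ("service tcp-small-servers not disabled", r"^no service tcp-small-servers$"),
    ("service udp-small-servers not disabled", r"^no service udp-small-servers$"),
    ("ip http server not disabled", r"^no ip http server$"),
    ("ip http secure-server not disabled", r"^no ip http secure-server$"),
]

def parse_blocks(config):
    """Split an IOS config into (header, [indented child lines]) blocks."""
    blocks, current = [], None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue  # blank line or IOS comment
        if raw.startswith(" ") and current is not None:
            current[1].append(raw.strip())
        else:
            current = (raw.strip(), [])
            blocks.append(current)
    return blocks

def audit(config):
    """Return sorted findings for the hardening items covered on this page."""
    blocks = parse_blocks(config)
    headers = [hdr for hdr, _ in blocks]
    findings = [t for t, p in GLOBAL_CHECKS if not any(re.match(p, h) for h in headers)]
    for hdr, children in blocks:
        # The page calls for 'username <name> secret' (hashed), not 'password'.
        if hdr.startswith("username ") and " secret " not in f" {hdr} ":
            findings.append(f"{hdr.split()[1]}: username without secret")
        if hdr.startswith("line "):
            if not any(c.startswith("exec-timeout") for c in children):
                findings.append(f"{hdr}: no exec-timeout")
            if hdr.startswith("line vty") and "transport input ssh" not in children:
                findings.append(f"{hdr}: transport input is not ssh-only")
    return sorted(findings)
```

Running `audit(SAMPLE_CONFIG)` on the constructed config yields six findings, and a config that applies every item returns an empty list.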

...


CategorySecurity CategoryCisco

cisco/SecureRouter (last edited 2016-01-12 07:20:37 by PieterSmit)